Merge pull request #3564 from DefectDojo/release/1.11.0

Release: Merge release into master from: release/1.11.0

Author: madchap

.dockerignore

@@ -2,4 +2,3 @@
 .gitignore
 *.md
 .env*
-**/local_settings.py

.github/PULL_REQUEST_TEMPLATE/pull_request_template.md

@@ -15,8 +15,9 @@ Please update any documentation when needed (in the .MD files in this repo, as w
 
 This checklist is for your information.
 
-- [ ] Features/Changes/Bugfixes should be submitted against the `dev` branch by default
-- [ ] Hotfixes should be submitted against master (urgent bugfixes requiring a hotfix release)
+- [ ] Features/Changes/Bugfixes should be submitted against the `dev` branch by default.
+- [ ] Make sure to rebase your PR against the very latest `dev`.
+- [ ] Hotfixes should be submitted against master (urgent bugfixes requiring a hotfix release).
 - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
 - [ ] Your code is flake8 compliant.
 - [ ] Your code is python 3.6 compliant (specific python >3.6 syntax is currently not accepted).
@@ -29,7 +30,6 @@ This checklist is for your information.
 
 Please clear everything below when submitting your pull request, it's here purely for your information.
 
-
 Moderators: Labels currently accepted for PRs:
 - Import Scans (for new scanners/importers)
 - enhancement

.github/workflows/k8s-testing.yml

@@ -101,7 +101,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.0.1
+        uses: manusa/actions-setup-minikube@v2.3.0
         with:
           minikube version: 'v1.14.2'
           kubernetes version: 'v1.19.2'

.github/workflows/new-release-master-into-dev.yml

@@ -54,7 +54,7 @@ jobs:
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@v4.7.2
+        uses: stefanzweifel/git-auto-commit-action@v4.8.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/new-release-pr.yml

@@ -60,7 +60,7 @@ jobs:
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@v4.7.2
+        uses: stefanzweifel/git-auto-commit-action@v4.8.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/new-release-tag-docker.yml

@@ -46,20 +46,13 @@ jobs:
             Fill in with release drafter information manually for now, then publish.
           draft: true
           prerelease: false
-  job-build-matrix:
-    needs: tag-and-release
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-      - id: set-matrix
-        # ref should be the tag name
-        run: echo "::set-output name=matrix::{\"docker-image\":[\"django\",\"nginx\"],\"docker-tag\":[\"latest\",\"${{ github.event.inputs.release_number }}\"]}"
+
   job-build-and-push:
-    needs: job-build-matrix
+    needs: tag-and-release
     runs-on: ubuntu-latest
     strategy:
-      matrix: ${{fromJson(needs.job-build-matrix.outputs.matrix)}}
+      matrix: 
+          docker-image: [django, nginx]
     steps:
       - name: Login to DockerHub
         uses: docker/login-action@v1
@@ -82,7 +75,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           push: true
-          tags: ${{ env.REPO_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ matrix.docker-tag }}
+          tags: ${{ env.REPO_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ matrix.docker-image}}:latest
           file: ./Dockerfile.${{ matrix.docker-image }}
           context: .
       - name: Image digest

.github/workflows/plantuml.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           args: -v -tpng ${{ steps.getfile.outputs.files }}
       - name: Push Local Changes
-        uses: stefanzweifel/git-auto-commit-action@v4.7.2
+        uses: stefanzweifel/git-auto-commit-action@v4.8.0
         with:
           commit_user_name: "PlantUML_bot"
           commit_user_email: "[email protected]"

.travis.yml

@@ -21,29 +21,6 @@ For changes that require additional settings, you can now use local_settings.py
 ## Python3 version
 For compatibility reasons, the code in dev branch should be python3.6 compliant.
 
-## Logging
-Logging is configured in `settings.dist.py` and can be tuned using a `local_settings.py`, see [template for local_settings.py](dojo/settings/template-local_settings)
-Specific logger can be added. For example to activate logs related to the deduplication, change the level from DEBUG to INFO in `local_settings.py`:
-
-
-```
-LOGGING['loggers']['dojo.specific-loggers.deduplication']['level'] = 'DEBUG'
-```
-
-Or you can modify `settings.dist.py` directly, but this adds the risk of having conflicts when `settings.dist.py` gets updated upstream. 
-
-```
-          'dojo.specific-loggers.deduplication': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        }
-```
-
-## Debug Toolbar
-In the `dojo/settings/template-local_settings.py` you'll find instructions on how to enable the [Django Debug Toolbar](https://github.com/jazzband/django-debug-toolbar).
-This toolbar allows you to debug SQL queries, and shows some other interesting information.
-
 ## Submitting Pull Requests
 
 The following are things to consider before submitting a pull request to
@@ -70,5 +47,3 @@ DefectDojo.
 [setup_bash]: /setup.bash "Bash setup script"
 [pep8]: https://www.python.org/dev/peps/pep-0008/ "PEP8"
 [flake8 built-in commit hooks]: https://flake8.pycqa.org/en/latest/user/using-hooks.html#built-in-hook-integration
-
-   

CONTRIBUTING.md

@@ -152,7 +152,7 @@ docker-compose logs initializer | grep "Admin password:"
 
 Make sure you write down the first password generated as you'll need it when re-starting the application.
 
-# Option to change the password 
+## Option to change the password 
 * If you dont have admin password use the below command to change the password. 
 * After starting the container and open another tab in the same folder.  
 * django-defectdojo_uwsgi_1 -- name obtained from running containers using ```zsh docker ps ``` command
@@ -161,6 +161,29 @@ Make sure you write down the first password generated as you'll need it when re-
 docker exec -it django-defectdojo_uwsgi_1 ./manage.py changepassword admin
 ```
 
+# Logging
+For docker-compose release mode the log level is INFO. In the other modes the log level is DEBUG. Logging is configured in `settings.dist.py` and can be tuned using a `local_settings.py`, see [template for local_settings.py](dojo/settings/template-local_settings). For example the deduplication logger can be set to DEBUG in a local_settings.py file:
+
+
+```
+LOGGING['loggers']['dojo.specific-loggers.deduplication']['level'] = 'DEBUG'
+```
+
+Or you can modify `settings.dist.py` directly, but this adds the risk of having conflicts when `settings.dist.py` gets updated upstream. 
+
+```
+          'dojo.specific-loggers.deduplication': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        }
+```
+
+## Debug Toolbar
+In the `dojo/settings/template-local_settings.py` you'll find instructions on how to enable the [Django Debug Toolbar](https://github.com/jazzband/django-debug-toolbar).
+This toolbar allows you to debug SQL queries, and shows some other interesting information.
+
+
 # Exploitation, versioning
 ## Disable the database initialization
 The initializer container can be disabled by exporting: `export DD_INITIALIZE=false`.